A US Senate committee has been warned that the Stuxnet worm, which was designed to prevent Iran making weapons grade plutonium, could be tinkered with to stuff up any industry on the planet.
Insecurity experts speaking to the Senate Homeland Security and Governmental Affairs Committee said that the widespread interconnection of corporate networks and use of SCADA systems means that industrial infrastructure is increasingly vulnerable to software attack.
According to Ars Technica, control systems, like those targeted by Stuxnet are used in virtually every industry and are commonly exposed to insecure networks.
Dean Turner, director of the Global Intelligence Network at Symantec told the committee that the Stuxnet worm was both complex, using a range of techniques to infect machines and spread through networks, and carefully targeted, with a payload specifically designed to attack Siemens SCADA software.
The “implications of Stuxnet are beyond any threat we have seen in the past,” Turner said.
The authors of the worm are unknown, but the attack was well-resourced and sophisticated. Israel has been suggested as the cyber war culprit, but equally, and ironically, it could have also been the United States. Q, operating in the UK, is unlikely to have ordered his teams to come up with it as Blighty tends to be closer to Iran than the US.
Michael Assante, head of the newly created, not-for-profit National Board of Information Security Examiners, told the senators that control systems should be unplugged from other networks to make them harder to penetrate.
Senator Joe Lieberman said that laws that required companies to have decent security will probably be drawn up next year.